Attackers could have triggered dangerous actions, including controlling smart home devices via Google Home and starting Zoom video calls.
The post Gemini Voice Assistant Hijacked via Messaging Notifications appeared first on SecurityWeek.
A flaw in the Full Page Cache Warmer extension can be exploited without authentication via serialized PHP object payloads.
The post Mirasvit Vulnerability Exploited to Execute Code on Magento Servers appeared first on SecurityWeek.
The high-severity flaw can be exploited remotely, without authentication, in server-side request forgery (SSRF) attacks.
The post Cisco Warns of Available PoC for Critical Unified CM Vulnerability appeared first on SecurityWeek.
A researcher has disclosed the full details of the vulnerability and released a PoC without notifying Microsoft in advance.
The post VS Code Vulnerability Allows One-Click GitHub Token Theft appeared first on SecurityWeek.
Threat actors are exploiting vulnerable Kirki and Burst Statistics deployments to elevate privileges and take over websites.
The post Kirki, Burst Statistics WordPress Plugin Flaws in Attackers’ Crosshairs appeared first on SecurityWeek.
An improper authentication bug allows attackers to escalate their privileges and escape containers.
The post Organizations Warned of Exploited Linux Kernel Vulnerability appeared first on SecurityWeek.
The default HTTP/2 configuration of major web servers is vulnerable to an attack chain combining a compression bomb and a Slowloris-style hold.
The post ‘HTTP/2 Bomb’ Exploit Knocks Web Servers Offline in Seconds appeared first on SecurityWeek.
Microsoft responds to backlash over its threats of legal action against researchers who publicly disclose zero-day vulnerabilities.
The post Microsoft Tries to Calm Legal Threat Fears After Zero-Day Disclosure Backlash appeared first on SecurityWeek.
As AI shortens the path from vulnerability disclosure to exploitation, researchers disagree on whether the problem is inadequate security tools or inadequate operational control.
The post Two New Reports Offer Competing Explanations for Cybersecurity’s Growing Crisis appeared first on SecurityWeek.
A stack-based buffer overflow bug can be exploited for remote code execution on a vulnerable device.
The post Critical Vulnerability in HP VoIP Phones Enables Enterprise Network Breaches appeared first on SecurityWeek.